Wednesday, July 6, 2016

The Hummingbad Malware

According to a CNET report, at least 10 million Android devices have been affected by Chinese malware called 'HummingBad'. It was first discovered by a security company called Check Point, which is said to have been tracking the malware since February. The malware came into the spotlight earlier this month when Check Point published its report 'From HummingBad to worse'. It is suspected that a team of developers at Yingmob, an advertisement analytics company based in Beijing, is responsible for developing the malware. The malware has had its major impact in China and India, each accounting for over a million devices.

Nature of the malware:

HummingBad uses a sophisticated, multi-stage attack chain with two main components. The first component attempts to gain root access on a device with a rootkit that exploits multiple vulnerabilities. If successful, attackers gain full access to a device. If rooting fails, a second component uses a fake system update notification, tricking users into granting HummingBad system-level permissions.

Irrespective of whether rooting is successful, HummingBad downloads as many fraudulent apps to the device as possible. The malicious apps in the HummingBad campaign are made up of a mix of several malicious components, many of which have variations with the same functionality. In some cases, the malicious components are dynamically downloaded onto a device after the infected app is installed. Also note that the malware mainly targets earlier versions of Android, with most of the targeted devices running Jelly Bean or KitKat.

Is it a big deal?

Yes. Using the aforementioned methodology, this group generates fraudulent ad revenue, and it is found to have generated a whopping $300,000 per month. HummingBad tracks your phone use and sells the information to the highest bidder. Such groups are also called 'Data Brokers'. And that is not all. According to the report, this group tries to root thousands of devices every day and succeeds in hundreds of those attempts. These devices can further be used to create a botnet to carry out targeted attacks on business firms and government agencies. HummingBad displays 20 million ads per day, on which it receives 2.5 million clicks, which in turn lets it install 50,000 fraudulent apps a day. Getting $0.00125 per click and $0.15 per application, it generates $10,000 per day.

Prevention and Cure:

To prevent HummingBad, it is advised not to install applications from unrecognized sources. Applications on Play Store are vetted by Google, while those from other sources carry no such guarantee and may be malicious.

If a device is compromised, the only option is to back up the data and perform a factory reset.
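
To act on the advice above, the following added example (not from CNET or Check Point) flags a device that runs the Jelly Bean or KitKat releases mentioned earlier and lists third-party apps that were not installed by Google Play. It assumes the text output of `adb shell getprop ro.build.version.release` and `adb shell pm list packages -3 -i`; the sample output and package names are constructed.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps only).
SAMPLE_PM_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:com.example.game  installer=com.example.thirdpartystore
"""

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def non_play_packages(pm_output):
    """Return {package: installer} for apps not installed by Google Play.

    An installer of None means the app was sideloaded (APK file or adb).
    """
    flagged = {}
    for line in pm_output.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or unexpected lines
        package, installer = match.groups()
        if installer != PLAY_STORE:
            flagged[package] = None if installer == "null" else installer
    return flagged


def is_jellybean_or_kitkat(release):
    """True for Android 4.1 to 4.4, given ro.build.version.release."""
    parts = release.strip().split(".")
    try:
        major = int(parts[0])
        minor = int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return False  # empty or non-numeric release string
    return major == 4 and 1 <= minor <= 4


def audit(release, pm_output):
    """Combine both checks into one report for a single device."""
    return {"targeted_version": is_jellybean_or_kitkat(release),
            "non_play_apps": non_play_packages(pm_output)}


if __name__ == "__main__":
    print(audit("4.4.2", SAMPLE_PM_OUTPUT))
```

An app listed here is not necessarily malicious; the list only narrows down what to review before deciding on a factory reset.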

Information Courtesy: CNET

1 comment:

  1. I've been using AVG protection for a couple of years, and I recommend this product to you all.